Cyentia Cybersecurity Research Library

Injection Attack-

Below you will find reports with the tag of “Injection Attack-”

The True Cost of CVE Management in Containers

Common Vulnerabilities and Exposures (aka CVEs) in containers, at least according to the interviews conducted for this study, are a pain (in the vuln). Chainguard conducted ten interviews with software professionals at a range of companies that build or operate containers. The interview questions dealt with the processes and workflows that these professionals use to identify, triage, and remediate CVEs in containers. Many of the questions either involved a request for a time estimate of each step of the process or probed the “why” behind the process or workflow.

Added: September 24, 2024

2024 Open Source Security and Risk Analysis Report

This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

Added: March 5, 2024

Hacker Powered Security Report 2023

The 7th annual Hacker-Powered Security Report goes deeper than ever before with customer insights, in addition to the opinions of some of the world’s top hackers. We also take a more comprehensive look at the top ten vulnerabilities and how various industries are performing when it comes to incentivizing hackers to find the vulnerabilities that are most important to them.

Added: December 15, 2023

Entering Through the Gift Shop: Attacks on Commerce

In this latest State of the Internet/Security (SOTI) report, we examine various attack types that commerce organizations and their customers face. We explore our multitude of datasets in areas such as web applications, bots, phishing, and usage of third-party scripts, to get a “pulse” of what’s happening in this sector and help cybersecurity leaders and practitioners understand some of the threat trends impacting the commerce industry. Akamai sees an enormous number of attacks across all our security tools, so we can share the shifts we see in malware attacks, customer impacts, regulatory requirements, and emerging threats.

Added: August 11, 2023

Prioritization to Prediction, Vol. 9

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

Added: August 7, 2023

The Invicti AppSec Indicator 2023

In our bi-annual AppSec Indicator report, we uncover insights and trends to guide best practices in vulnerability identification and remediation. For this year’s Spring edition of the Invicti AppSec Indicator, we analyzed data from 1.7 million scans conducted by the 1,700 customers that use our cloud dynamic application security testing (DAST) offering, representing approximately half of our entire customer base.

Added: May 11, 2023

The Evolving CVE Landscape

In this report, sponsored by F5 Labs, we take a step back and examine the universe of vulnerabilities (defined by the CVE) and how it’s changed in the last 20 years. As you will see, we will find some surprising things along the way.

Added: March 1, 2023

Gaming in a Pandemic

In this edition, we look at the attacks and trends in the gaming industry during 2020. It was a volatile year, and we’re not just speaking about the pandemic. Web attacks targeting the gaming industry were up 340% year over year between 2019 and 2020, and credential stuffing attacks were up 224%. Strangely enough, DDoS attacks against the gaming industry fell by nearly 20% during the same period.

Added: September 14, 2022

Gaming Respawned

This SOTI report looks at the current state of online gaming. It also examines the most pervasive threats coming from online criminals. And to fully explore the topic of attacks on gaming, we dig deeper into the data around web application and API attacks, Distributed Denial of Service (DDoS) trends, the overarching goals of attackers, and more. This report also explores the threat landscape that has grown out of the pandemic in the gaming industry and the impact of cyberattacks on gaming companies.

Added: September 14, 2022

The State of Pentesting: 2020

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. The scope of this exploration is black-box penetration testing (“humans”) against dynamic scanning and out-of-band testing (“machines”) for web applications.

Added: May 16, 2022

State of Security Within eCommerce 2021

A review of trends in e-commerce security and attacks based upon a variety of sources collected via Imperva Research Labs.

Added: November 19, 2021

The State of the State of Application Exploits in Security Incidents

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

Added: July 22, 2021

Prioritization to Prediction Volume 7: Establishing Defender Advantage

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. Poring over Kenna Security’s own threat and vulnerability intelligence, anonymized platform data, and Fortinet exploitation data, we analyzed over 6 billion vulnerabilities affecting 13 million active assets across nearly 500 organizations.

Added: May 13, 2021

The State of Security within eCommerce

A review of the threat volume and characteristics affecting e-commerce.

Added: November 21, 2020

State of Software Security: Volume 11

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

Added: October 27, 2020

SOTI/Security - Loyalty for Sale

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given.

Added: October 21, 2020

Web Application Vulnerability Report 2020

A review of web application vulnerabilities as seen through Acunetix’s web scans between March 2019 and February 2020.

Added: September 30, 2020

2020 Application Security Observability Report

A report from aggregate telemetry on Contrast Security customers’ applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes.

Added: September 16, 2020

2020 Open Source Security and Risk Analysis Report

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

Added: July 31, 2020

State of Open Source Security Report 2020

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

Added: June 25, 2020

State of the Internet / Security Vol. 6: Financial Services — Hostile Takeover Attempts

This is the 6th annual SOTI from Akamai. The key findings are:
  • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry
  • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services
  • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

Added: March 1, 2020
© Cyentia Institute 2025
Library updated: June 24, 2025 00:08 UTC (build b1d7be4)